ABSTRACT
Masking schemes are a well-researched and successful option when considering side-channel countermeasures. Still, such measures increase the implementation cost in terms of power consumption, clock cycles, and random number generation. In fact, the higher the order of protection against side-channel adversaries, the higher the implementation cost of the countermeasures. S-boxes represent the most vulnerable part of an implementation when considering a side-channel adversary. In this paper, we investigate how to generate S-boxes that have improved resilience against varying orders of side-channel attacks while having minimal implementation cost. We examine whether S-boxes generated against a certain order of attack also represent a good solution when considering different orders of attack. We demonstrate that we successfully generated S-boxes resilient against a certain physical attack order, but the improvements are small. As a result, S-boxes that are resilient against first-order attacks stay resilient against higher-order attacks, which saves computational effort when designing S-boxes resilient against higher-order side-channel attacks.